We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

The FTC is seeking details about the assessment process employed by the companies, including the ways assessors and companies they assess interact; copies of a limited set of example PCI DSS assessments, and information on additional services provided by the companies, including forensic audits.

Information collected by the FTC will be used to study the state of PCI DSS assessments.

Within 45 days these 9 vendors were ordered to respond:

Foresite MSP, LLC

Freed Maxick CPAs, P.C.

GuidePoint Security, LLC

Mandiant

NDB LLP

PricewaterhouseCoopers LLP

SecurityMetrics Sword and Shield Enterprise Security, Inc. and

Verizon Enterprise Solutions (also known as CyberTrust)

The FTC’s action may lead to laws regulating credit card data rather than PCI dictating their rules to companies that process credit card information.

Compare jurisdictions: BYOD: Bring Your Own Device

”Lexology is a useful and informative tool. I keep copies of relevant articles and often forward them to colleagues. Although I do not know all of the authors/firms, by reading their articles I do gain an understanding of their appreciation of a topic, and should the need arise I would not hesitate to contact them on those topics.”